NXDOMAIN Redirection Using DLZ in BIND 9.10 and later
  • 17 Sep 2018


This feature is also available in BIND 9.9-S
All information below also applies to BIND 9.9 Subscription Version.

NXDOMAIN redirection is a BIND feature that lets a recursive server replace an NXDOMAIN response to a query with a configured answer of its own. This substitute response is returned to the original client in place of the NXDOMAIN response received by the server. Recursive server administrators may use this redirection for their own purposes or to obtain advertising revenue from third parties who specialize in this business. Use of this feature is optional and the default is off. Unless the administrator overrides the default behavior, a recursive BIND resolver passes NXDOMAIN responses to the querying client without altering them.

The NXDOMAIN redirection feature debuted in BIND 9.9.0 and allowed simple redirection of NXDOMAIN responses based on a new zone type (type redirect). This original method of NXDOMAIN redirection remains supported, but BIND 9.10 expands upon it by extending the Dynamically Loadable Zones (DLZ) feature set to allow more flexible control over NXDOMAIN responses.

As a side benefit of the improved DLZ support, BIND 9.10 and later allows operators to configure multiple DLZ data sources and specify their ordering.

In order to use a dynamically loadable zone, it must first be declared in a dlz definition block which specifies a data source and (optionally) declares the database to be searchable or not searchable.  The dlz declaration looks like this:

dlz "example" {
     database "dlopen driver.so database.name";
     search yes;    // the "search" line is optional; if unspecified it defaults to "yes"
};

The search keyword is new to the expanded DLZ support in BIND 9.10 and later.

  • If search is set to yes (or is unspecified) then the data source declared in that DLZ declaration is searched as part of the "best-match" fitting when a query comes in that is not covered by a regular zone.
  • If search is set to no, that data source is not used for "best-match" fitting but only where it is explicitly declared for use in a zone definition.

To use NXDOMAIN redirection with DLZ, configure a dlz declaration pointing to a database that will return the desired redirect answer and use the search no; option in your declaration:

dlz "nxdomain.redirect" {
     database "dlopen driver.so redirect.database";
     search no;
};

Then instruct named to use that as the data source for a zone definition of type redirect:

zone . {
     type redirect;
     dlz nxdomain.redirect;
};
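
A configuration check for the two rules above (a redirect zone must reference a declared dlz, and that dlz should carry search no;), as an added example that is not part of the original article or of BIND. The function names, the sample fragment and the simplified parsing are assumptions; the acceptance of false and 0 as alternative spellings of no is also an assumption beyond what the article states.

```python
import re

# Constructed named.conf fragment for the demo (not from a real server).
SAMPLE_CONF = '''
dlz "example" {
     database "dlopen driver.so database.name";   // no "search" line: defaults to yes
};
dlz "nxdomain.redirect" {
     database "dlopen driver.so redirect.database";
     search no;
};
zone . {
     type redirect;
     dlz nxdomain.redirect;
};
'''

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword name { ... }`, honouring nested braces."""
    for m in re.finditer(r'\b%s\s+"?([^\s"{;]+)"?[^{;]*\{' % keyword, conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return findings for redirect zones that use a DLZ data source."""
    # Naive comment stripping: assumes no comment markers or braces inside quoted strings.
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    conf = re.sub(r'(//|#)[^\n]*', '', conf)
    searchable = {}
    for name, body in blocks(conf, 'dlz'):
        m = re.search(r'\bsearch\s+(\w+)\s*;', body)
        # An omitted "search" line means yes, so the source joins best-match lookups.
        searchable[name] = (m.group(1).lower() if m else 'yes') not in ('no', 'false', '0')
    findings = []
    for zname, body in blocks(conf, 'zone'):
        ref = re.search(r'\bdlz\s+"?([^\s";]+)"?\s*;', body)
        if not re.search(r'\btype\s+redirect\s*;', body) or not ref:
            continue  # not a redirect zone, or a redirect zone without DLZ
        if ref.group(1) not in searchable:
            findings.append(f'zone {zname}: dlz "{ref.group(1)}" is not declared')
        elif searchable[ref.group(1)]:
            findings.append(f'zone {zname}: dlz "{ref.group(1)}" is searchable; set "search no;"')
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE_CONF) or 'no findings')
```
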